Friday, January 07, 2005

Big SMTP Banner

While troubleshooting a mail problem with sending mail from my company to another organization, a coworker of mine found the strangest SMTP banner I’ve ever seen. The names have been changed to protect the RFC violators.

220-mail.xxxx.org ESMTP XXX-ITD Mail Server; Fri, 07 Jan 2005 15:45:29 -0500
220-****************************************
220-* Secure Mail Server *
220-* *
220-* All connections are logged! *
220-* This server employs anti-virus and anti-spam technology *
220-****************************************
220-ATTENTION! Access / Consent Notice.
220-This Organization (XXX) computer system is monitored.
220-This computer system, including all related equipment (includes internet access)
220-are provided only for authorized XXX use. XXX computer systems are monitored
.
220-To ensure their use is authorized, for management of the system, to facilitate
220-protection against unauthorized access, and to verify security procedures,
220-survivability, and operational security. During monitoring, information maybe
220-examined, recorded, copied, and used for authorized purposes.
220-All information, including personal information, placed on or sent over
220-this system may be monitored. Use of this XXX computer system, authorized or
220-unauthorized, constitutes consent to monitoring. Unauthorized use of this XXX
220-computer system may subject you to criminal prosecution. Evidence of unauthorized
220-use collected during monitoring may be used for administrative, criminal, or
220-other adverse action.
220 IF YOU DO NOT CONCUR WITH THE ABOVE NOTICE, LOG OFF NOW / DO NOT LOG IN.

In contrast, this is what a normal SMTP banner looks like:

220 IGR-IMC-01.redmond.corp.microsoft.com Fri, 7 Jan 2005 12:46:41 -0800

Needless to say, I think that the mail delivery problem we are experiencing will be due to the extra large banner.
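To check a greeting like the ones above against the SMTP multiline reply syntax (a hyphen after the code on every line but the last), here is a small parser, added as an example and not written by the post's author. The sample banners are constructed from the text quoted in this post, and the 512-octet line limit comes from RFC 5321, which the post does not cite.

```python
import re

# Constructed sample: a few lines abbreviated from the banner quoted above.
# The lone "." mirrors the quoted capture; it may be a wrap artifact.
BIG_BANNER = (
    "220-mail.xxxx.org ESMTP XXX-ITD Mail Server; Fri, 07 Jan 2005 15:45:29 -0500\r\n"
    "220-* Secure Mail Server *\r\n"
    "220-are provided only for authorized XXX use. XXX computer systems are monitored\r\n"
    ".\r\n"
    "220 IF YOU DO NOT CONCUR WITH THE ABOVE NOTICE, LOG OFF NOW / DO NOT LOG IN.\r\n"
)
NORMAL_BANNER = "220 IGR-IMC-01.redmond.corp.microsoft.com Fri, 7 Jan 2005 12:46:41 -0800\r\n"

# "220-text" continues the reply; "220 text" (or a bare "220") ends it.
REPLY_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")
MAX_REPLY_LINE = 512  # octets including CRLF, per RFC 5321 section 4.5.3.1.5

def parse_greeting(raw):
    """Return (code, text_lines, problems) for a raw SMTP greeting string."""
    lines, problems = raw.split("\r\n"), []
    if lines[-1] == "":
        lines.pop()
    else:
        problems.append("last line is not terminated by CRLF")
    code, text, done = None, [], False
    for n, line in enumerate(lines, 1):
        m = REPLY_LINE.match(line)
        if done:
            problems.append(f"line {n}: data after the final reply line")
        elif not m:
            problems.append(f"line {n}: no reply code: {line!r}")
        else:
            if len(line.encode()) + 2 > MAX_REPLY_LINE:
                problems.append(f"line {n}: longer than {MAX_REPLY_LINE} octets")
            if code is None:
                code = m.group(1)
            elif m.group(1) != code:
                problems.append(f"line {n}: code {m.group(1)} differs from {code}")
            text.append(m.group(3) or "")
            done = m.group(2) != "-"
    if not done:
        problems.append("no final line (code followed by a space) was seen")
    return code, text, problems

if __name__ == "__main__":
    for name, raw in (("big", BIG_BANNER), ("normal", NORMAL_BANNER)):
        code, text, problems = parse_greeting(raw)
        print(name, code, f"{len(text)} text lines", problems or "well-formed")
```

A line without a reply code, like the lone "." in the sample, is the kind of thing a strict sending MTA can reject even when the rest of a long banner is syntactically valid.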

1 comment:

cryptojoe said...

Note: I am not 100 percent sure that there is an RFC violation here. RFC 821 does not define a limit to 220 domain Service ready responses; in all examples given, it is a single line. In all examples given in RFC 821, only one 220 response is given.